Hi,

I'm trying to add support for having rpm-ostree listen on a socket, and it's being blocked by current policy:

```
Jun 25 17:39:05 cosa-devsh audit[1]: AVC avc: denied { create } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:install_t:s0 tclass=unix_stream_socket permissive=0
```

Unlike most other daemons, rpm-ostreed runs as `install_t` because it may set SELinux security contexts.

Anyways just like we allow systemd to create

```
[root@cosa-devsh ~]# ls -alZ /run/docker.sock
srw-rw----. 1 root docker system_u:object_r:container_var_run_t:s0 0 Jun 25 17:38 /run/docker.sock
```

Let's allow it to listen on an install_t socket please.
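An added example, not part of the original report and not the policy change itself: a small Python parser that reads the AVC record quoted above and derives the type-enforcement rule it corresponds to, the same mapping `audit2allow` performs. The function names `parse_avc` and `allow_rules` are hypothetical.

```python
import re
from collections import defaultdict

# AVC record copied from the report above.
REPORTED_DENIAL = (
    'Jun 25 17:39:05 cosa-devsh audit[1]: AVC avc: denied { create } for pid=1 '
    'comm="systemd" scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:system_r:install_t:s0 tclass=unix_stream_socket permissive=0'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if "tclass" not in fields or any(
            fields.get(k, "").count(":") < 2 for k in ("scontext", "tcontext")):
        return None
    # A context is user:role:type[:level]; policy rules are written on the type.
    return {
        "perms": m.group("perms").split(),
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "enforced": fields.get("permissive") == "0",
    }

def allow_rules(lines):
    """Group denials by (source, target, class) and emit one allow rule each."""
    grouped = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        target = "self" if rec["target_type"] == rec["source_type"] else rec["target_type"]
        grouped[(rec["source_type"], target, rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules([REPORTED_DENIAL])))
```

The quoted record covers only the `create` permission, so the derived rule covers only that permission.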
This bug appears to have been reported against 'rawhide' during the Fedora 35 development cycle. Changing version to 35.